隐私政策
Last updated: July 2026
TLDR: FSB operates entirely within your browser. No browsing data is collected by FSB servers, and AI calls go directly from your browser to the provider you choose. API keys are encrypted locally with AES-GCM, and memory data stays on your device. The only data that ever leaves your machine for FSB is opt-out anonymous usage telemetry that powers the public /stats page. If you pair Remote Dashboard, transient live-preview frames can pass through the relay during the session, but they are not stored. Everything is open source and auditable.
数据收集
FSB operates entirely within your browser. When you initiate an automation task, the extension may inspect the active tab's DOM (Document Object Model) and, when you invoke a capability, make same-origin site API requests from your browser session.
- 不收集或保存当前会话之外的任何浏览历史
- DOM data and site API results are analyzed locally and discarded after each automation step unless you explicitly save them in memory
- 不从你访问的页面采集任何个人信息
Site API capabilities
FSB's capability layer can call a site's own first-party API from the page context, using your already-authenticated browser session. These requests run locally in Chrome; first-party cookies or site auth may be attached by the browser for that target site, but FSB does not return, store, log, or send cookies, tokens, CSRF values, request bodies, or response bodies to FSB servers.
Capability invocations follow FSB's consent controls and are recorded only in the redacted local audit log: origin, capability slug, method, side-effect class, consent decision, and outcome. The audit log never stores invocation arguments, request bodies, response bodies, cookies, tokens, CSRF values, or site response payloads.
FSB 请求的 Chrome 权限
为了执行网页自动化,FSB 在其 Chrome 清单中声明以下权限。每项仅用于其记录的用途;不会以任何一项为依据将数据发送至设备外。
- DOM and tabs,
activeTab,scripting,tabs,windows,sidePanel, and host permission<all_urls>: read and write the active tab, inject the automation content script, list and switch tabs, and render the side panel - Advanced automation,
debugger: attach the Chrome DevTools Protocol for coordinate-based clicks, drag, and key-hold actions that the regular DOM API cannot perform.webNavigation: observe navigation start/finish events so automation waits for the right moment - Local storage,
storage,unlimitedStorage: store your settings, credentials, payment methods, and memory inchrome.storage.localon your device. Unlimited storage lifts the default 10 MB quota so memory and session logs can grow without hitting a wall - UX helpers,
clipboardWrite: write copy-to-clipboard results from automation.alarms: schedule background housekeeping.offscreen: host the speech-to-text recorder in a hidden document because service workers cannot capture audio directly
语音转文字所需的麦克风访问权限未在清单中声明。当你首次使用麦克风按钮时,Chrome 会自行弹出权限请求。
数据存储
所有设置和数据都保存在 Chrome 扩展的本地存储中。FSB 对 API Key 等敏感数据使用 AES-GCM 加密。
- 配置保存在
chrome.storage.local中 - API Key 在保存前会使用 AES-GCM 加密
- 会话日志保存在本地,可随时清除
- 分析数据(任务计数、成功率)保留在你的设备上
外部服务
FSB 仅在你配置并使用托管提供商时,才与外部 AI 提供商通信。如果你使用 LM Studio,AI 请求会通过其本地 OpenAI 兼容服务器留在本机。提供商选择与发送的数据完全由你掌控。
- 托管 API 调用只会发往你选择的提供商(xAI、OpenAI、Anthropic、Google 或 OpenRouter)
- LM Studio 在你的设备上使用本地 OpenAI 兼容服务器,且无需 API Key
- Sent data includes: task description, DOM structure summary, and action context
- If you pair Remote Dashboard or use legacy Background Agents sync, an optional relay server handles WebSocket messages for that session. Live-preview frames may pass through the relay transiently, but page content, DOM data, screenshots, AI prompts, AI responses, cookies, tokens, and site API payloads are not persisted on the server. This is opt-in only
- 每个提供商都有自己的隐私政策,规定其如何处理 API 请求
Remote Dashboard and PhantomStream Live Preview
When you pair Remote Dashboard, FSB can show a live preview of the active browser tab using PhantomStream. The preview streams structured DOM data instead of pixels: an initial snapshot, MutationObserver diffs, scroll position, automation overlays, dialog state, media playback state, and remote-control messages over WebSocket.
- The relay forwards those live-preview frames only to the paired dashboard session. FSB servers do not persist page DOM, page content, screenshots, AI prompts, AI responses, cookies, tokens, or site API payloads from the preview stream
- FSB enables PhantomStream input masking (
maskInputs: true), so passwords and form-control values are masked before they leave the captured page - The dashboard viewer renders mirrored content in a scriptless sandbox and sanitizes mirrored DOM and CSS before display
- Images, video, and audio are mirrored by reference in current dashboard mode. Media bytes do not cross the relay; the viewer may fetch allowed public HTTPS asset or media URLs directly, while private, internal, non-HTTPS, or otherwise blocked origins are replaced with placeholders by PhantomStream's fail-closed fetch policy
无第三方跟踪
FSB 不包含任何第三方分析、广告跟踪器或跨站点指纹识别。除你显式配置的 AI 提供商 APIs 之外,没有 Cookie,也没有第三方脚本。FSB 向自身发送的唯一第一方数据是下面描述的可选退出的匿名使用遥测,仅用于驱动公开的 /stats 仪表板。
API Key
你的 API Key 会在保存前通过 AES-GCM 在本地加密。除了你配置的 AI 提供商之外,绝不会发送到任何地方,且只在 API 请求的身份验证头中使用。
- Key 在 Chrome 存储中以加密形式静态保存
- 仅在 API 调用时在内存中解密
- Key 绝不会被记录、导出或共享
自动密码
FSB 提供可选的凭据管理器,将登录凭据加密保存到你的设备。密码不会暴露给 AI 模型,而是由内容脚本直接填入页面,完全绕过 AI。
- 凭据在静态保存时使用 256 位密钥和 PBKDF2 派生密钥的 AES-GCM 加密
- AI 分析页面时,密码字段的值会被替换为
[hidden]。真实密码绝不会出现在任何 AI 提示中 - Auto-fill is performed by the content script injecting values directly into the DOM, with no AI involvement in the credential flow
- 凭据列表视图仅显示用户名和域名。密码只在自动填充需要时单独解密
- 凭据按域名存储,并具备父域回退(例如 accounts.google.com 会继承 google.com)
付款方式
FSB 包含一个可选的付款方式保险库,将卡片信息保存在你的设备上以便结账时自动填写。卡片采用与登录凭据相同的加密与 AI 隔离机制,完整的卡号绝不会发送给任何 AI 模型。
- 卡片信息(卡号、有效期、持卡人和邮编)使用与凭据相同的保险库派生密钥,通过 AES-GCM 在静态时加密
- 当 AI 分析结账页面时,检测到的卡号字段值会在构建提示词之前被替换为
[hidden]。卡号、CVV 和有效期绝不会包含在任何 AI 提示词中 - 自动填写由内容脚本直接写入页面的 DOM 字段完成,完全绕过 AI
- 列表视图仅显示卡片别名与后 4 位数字。完整卡号仅在填写的那一刻在内存中解密
- MCP 客户端可以通过
use_payment_method请求执行付款自动填写,但在任何卡片数据写入页面之前,会在扩展内向用户显示确认提示 - 除非你为某张卡片明确启用,否则 CVV 永远不会被持久保存;即使启用,它也会与记录的其余部分一起加密
语音转文字
FSB 在提示词输入框中包含一个可选的麦克风输入。默认提供商完全在你的浏览器中运行;如果你需要更高的准确性,可在设置中启用可选的 OpenAI Whisper 后备方案。
- Default provider: the browser's native
SpeechRecognitionAPI. Audio is processed by Chrome and never leaves your device through FSB - 可选的 Whisper 提供商:当
sttProvider设置为whisper且配置了 OpenAI 密钥时,录制的音频片段会从你的浏览器直接上传到 OpenAI 的转录接口。FSB 从不查看或存储该音频 - 麦克风仅在你按住或已切换开启麦克风按钮的期间处于活动状态。首次使用时 Chrome 会请求权限;FSB 不会在扩展清单中请求麦克风访问权限
- 转录结果只插入到提示词文本框中,绝不会在你选择发送的活跃 AI 请求之外被记录、保存或传输
- 通过不触碰麦克风按钮,或在 Chrome 扩展存储中清除可选的 Whisper 提供商,即可完全禁用语音功能
防止提示词注入
网页可能包含旨在劫持 AI 智能体的隐藏文本。FSB 通过多层防御确保 AI 只遵循你的指令,绝不执行嵌入在页面内容中的指令。
- 所有页面内容都被包裹在
[PAGE_CONTENT]边界标记内,并指示 AI 永远不要执行其中的指令 - 在内容到达 AI 之前,清洗引擎会剥离已知的注入模式(例如“忽略以上指令”、伪造的系统提示、覆盖请求)
- AI 生成的动作会在执行前进行验证。危险 URL(
javascript:、data:)和脚本注入尝试将被阻止 - Only a strict, fixed allowlist of known tools can be executed. The AI cannot invent or call arbitrary actions
- 内容大小有上限(单值 500 字符,提示总上限 15K),限制有效载荷投递
- 网站嵌入的不可见 Unicode 控制字符会在处理前被剥离
后台智能体与服务器同步
Deprecated in v0.9.45rc1. FSB's built-in Background Agents have been superseded by OpenClaw and Claude Routines, with remote control now handled by the Sync tab. The disclosures below are retained for users still running v0.9.44 or earlier; on current builds the relay server is only contacted when you pair a Sync session.
If you opt into legacy Background Agents server sync or pair Remote Dashboard, a relay server facilitates communication between your extension and the dashboard.
- 服务器会保存:智能体定义(名称、计划、目标 URL)、运行指标(Token 数、成本、时长、成功/失败状态)、会话配对令牌
- The server does NOT persist: page content, DOM data, browsing history, screenshots, AI prompts, AI responses, cookies, tokens, site API payloads, or other data from the pages you visit
- 身份验证使用本地生成的哈希 Key,以及 24 小时后失效的会话令牌
- 一次性配对令牌在 60 秒后失效,无法重复使用
- 服务器同步默认关闭,需要你在“选项”中显式启用
记忆系统
FSB 的记忆系统会沉淀导航模式和站点情报,让自动化随时间持续优化。
- 所有记忆数据(语义、情景、过程)都保存在
chrome.storage.local中 - 记忆数据不会发送到任何外部服务器
- 你可在选项控制台中随时查看并清除记忆
- 站点地图和导航模式按域名隔离,互不影响
匿名使用遥测
FSB v0.9.69 引入了一个可选择退出的匿名使用情况遥测管道,以便项目可以发布汇总的采用数据(参见 /stats),且绝不触及你浏览的页面。唯一的位置信号是服务器在接收时从你的请求 IP 派生出的粗略国家/州标签(绝不来自页面内容),且仅以汇总形式保留——参见下方的 地区(州级)指标。遥测默认开启,但可通过单个开关禁用,并且可应请求删除每次安装的数据。
我们收集的内容
- 每次安装随机生成的 UUID,存储在
chrome.storage.local的键fsbInstallUuid下。UUID 在本地生成,永不与你的身份关联。 - 所使用的 MCP 客户端名称(例如 Claude Code、Cursor、Codex),取自固定的允许列表。
- 会话中使用的模型名称(例如
grok-4-fast、claude-opus-4),取自固定的允许列表。 - 每个会话的输入/输出 token 数量聚合值。
- 你的安装上活跃的 FSB 代理数量(一个整数值)。
我们不收集的内容
- 页面 URLs、主机名或浏览历史。
- 提示、指令、任务描述或你发送给模型提供商的任何自然语言文本。
- Page DOM, screenshots, page content, site API payloads, or AI responses.
- 明文 IP 地址。服务器仅出于两个目的临时且内联地使用请求 IP——用于限流的每日轮换加盐哈希,以及派生粗略的国家/州标签(见下文)——随后立即将其丢弃。明文 IP 绝不会被存储或记录。
- 姓名、用户名、账号 handle 或任何自由文本身份字段。
- 电子邮件地址、电话号码或联系信息。
地区(州级)指标
- 服务器在接收时,使用自托管的 DB-IP IP-to-City Lite 数据集和我们自己的查找逻辑,从你的请求 IP 派生出粗略的国家和美国州(行政区)标签——并非实时的第三方地理定位服务,也绝不是 MaxMind。明文 IP 被内联处理并丢弃;仅保留派生出的标签。
- 地区仅存储在每日汇总中,且位于 k≥5 的匿名阈值之后:某一天内不同安装数少于 5 的任何州都会合并到单个“Other”桶中(当该合并计数本身低于 5 时则完全抑制)。任何单个州标签都绝不会代表少于 5 次安装。
- 不存在按安装的位置画像。粗略标签仅存在于短暂的原始事件(由 7 天保留策略删除)和经 k≥5 过滤的每日汇总中;我们绝不构建或保留从你的安装到某个地点的持久映射。地理定位数据来自 DB-IP(https://db-ip.com)。
保留期
原始事件保留 7 天。每日汇总(每安装每天一行)保留 365 天。全局聚合(每天一行,不按安装维度)无限期保留,以便 /stats 上的历史图表保持稳定。
如何选择退出
打开 FSB 控制面板,滚动到"高级设置",将 发送匿名使用数据 开关关闭。更改立即生效;之后不会再从你的安装发送事件。
如何擦除你的数据
To request erasure of all telemetry rows associated with your install (GDPR Article 17), look up your fsbInstallUuid in Chrome DevTools → Application → Storage → Extension storage, then send a single HTTP request:
curl -X POST -H "Content-Type: application/json" \
-d '{"install_uuid":"<your-uuid>"}' \
https://full-selfbrowsing.com/api/telemetry/forgetLimited Use 合规声明
FSB 的匿名使用遥测仅用于计算在 full-selfbrowsing.com/stats 公开展示的聚合使用统计。数据从不出售、从不与第三方共享、从不用于广告,且从不用于训练任何机器学习模型。此承诺满足 Chrome Web Store 的 Limited Use 要求。
聚合的公开指标
我们在 /stats 发布来自此遥测管道的聚合指标。仅展示计数和总数;每安装的行从不暴露。
Consent and Audit Controls
FSB's automation posture is opt-out: non-denylisted origins inherit a user-configurable global default that currently ships as Auto, while explicit per-origin policies can set an origin to Off, Ask, or Auto. Audit-log retention is local and bounded, with export and clear controls available from the Control Panel.
- The service denylist is still a hard block. Denied origins are non-enableable regardless of the global default or any stored per-origin policy.
- Sensitive origins can run reads under Auto, but writes re-enforce the per-origin mutating opt-in before execution. Non-sensitive origins can be opted out or moved to Ask from the Control Panel's Consent & Audit section.
- 每次能力调用都会记录在经过脱敏的、仅可追加的本地审计日志中。绝不会存储任何参数、令牌、Cookie 或响应正文。
开源
FSB is fully open source under the BSL 1.1 License. You can audit every line of code to verify these privacy claims. The source code is available on GitHub.
本政策的变更
若本政策更新,变更将体现在页面顶部的“最后更新”日期。重要变更也会在项目的 GitHub 发布说明中注明。
联系方式
If you have questions about this privacy policy or FSB's data handling, please open an issue on GitHub Issues.
政策历史
Each entry below is a complete snapshot of the privacy policy as it stood on the date shown. Older versions are kept so you can audit what we promised at any point in time.
March 2026v9.0.2 — Background Agents, Memory System, Server Sync, Anonymous Usage Telemetry, Legal Posture (full archived text)
Archived copy of the privacy policy as it stood in March 2026, before the May 2026 update. This snapshot preserves the then-current policy body, including later telemetry and legal-posture additions that were present on the Angular page before this archive pass.
TLDR FSB operates entirely within your browser. No browsing data is collected. API keys are encrypted locally with AES-GCM. AI calls go directly from your browser to the provider you choose. The optional relay server for Background Agents stores only run metadata, never page content. Memory data stays on your device. Everything is open source and auditable.
Data Collection
FSB operates entirely within your browser. The extension only accesses the DOM (Document Object Model) of the currently active tab when you initiate an automation task.
- No browsing history is collected or stored beyond the current session
- DOM data is analyzed locally and discarded after each automation step
- No personal information is harvested from pages you visit
Data Storage
All settings and data are stored locally in Chrome's extension storage. FSB uses AES-GCM encryption for sensitive data like API keys.
- Configuration is stored in
chrome.storage.local - API keys are encrypted before storage using AES-GCM
- Session logs are stored locally and can be cleared at any time
- Analytics data (task counts, success rates) stays on your device
External Services
FSB communicates with external AI providers only when you configure and use a hosted provider. If you use LM Studio, AI requests stay on your machine through its local OpenAI-compatible server. The choice of provider and what data is sent is under your control.
- Hosted API calls are made only to the provider you select (xAI, OpenAI, Anthropic, Google, or OpenRouter)
- LM Studio uses a local OpenAI-compatible server on your device and does not require an API key
- Sent data includes: task description, DOM structure summary, and action context
- If you use the Remote Dashboard or Background Agents sync, an optional relay server handles WebSocket messages and stores agent run metadata (task name, cost, duration, success/fail). No page content, DOM data, or AI responses are stored on the server. This is opt-in only
- Each provider has their own privacy policy governing how they handle API requests
No Tracking
FSB does not include any analytics, telemetry, or tracking services. There are no cookies, no fingerprinting, and no third-party scripts beyond the AI provider APIs you explicitly configure.
API Keys
Your API keys are encrypted locally using AES-GCM before being stored. They are never transmitted anywhere except to the AI provider you configured, and only as authentication headers in API requests.
- Keys are encrypted at rest in Chrome storage
- Decryption only happens in-memory when making API calls
- Keys are never logged, exported, or shared
Auto-Passwords
FSB includes an optional credential manager that stores login credentials encrypted on your device. Passwords are never exposed to AI models. They are filled directly into pages by the content script, bypassing the AI entirely.
- Credentials are encrypted at rest using AES-GCM with 256-bit keys and PBKDF2 key derivation
- When the AI analyzes a page, password field values are replaced with
[hidden]. The actual password is never included in any AI prompt - Auto-fill is performed by the content script injecting values directly into the DOM, with no AI involvement in the credential flow
- The credential list view only shows usernames and domains. Passwords are decrypted individually and only when needed for auto-fill
- Credentials are stored per-domain with parent domain fallback (e.g., accounts.google.com inherits from google.com)
Prompt Injection Prevention
Web pages can contain hidden text designed to hijack AI agents. FSB implements multi-layered defenses to ensure the AI only follows your instructions, never instructions embedded in page content.
- All page content is wrapped in
[PAGE_CONTENT]boundary markers, and the AI is instructed to never follow instructions found within these markers - A sanitization engine strips known injection patterns (e.g., "ignore previous instructions", fake system prompts, override attempts) from all page content before it reaches the AI
- AI-generated actions are validated before execution. Dangerous URLs (
javascript:,data:) and script injection attempts are blocked - Only a strict allowlist of 50+ known tools can be executed. The AI cannot invent or call arbitrary actions
- Content size is capped (500 chars per value, 15K total prompt cap) to limit payload delivery
- Invisible Unicode control characters that websites embed are stripped before processing
Background Agents and Server Sync
If you opt into Background Agents server sync or Remote Dashboard pairing, a relay server facilitates communication between your extension and the dashboard.
- The server stores: agent definitions (name, schedule, target URL), run metrics (token count, cost, duration, success/fail status), and session pairing tokens
- The server does NOT store: page content, DOM data, browsing history, AI prompts, AI responses, or any data from the pages you visit
- Authentication uses hash keys (generated locally) and session tokens that expire after 24 hours
- One-time pairing tokens expire after 60 seconds and cannot be reused
- Server sync is disabled by default. You must explicitly enable it in Options
Memory System
FSB's memory system stores navigation patterns and site intelligence to improve automation over time.
- All memory data (semantic, episodic, procedural) is stored locally in
chrome.storage.local - No memory data is sent to any external server
- Memory can be viewed and cleared at any time from the Options dashboard
- Site maps and navigation patterns are domain-specific and isolated from each other
Anonymous Usage Telemetry
FSB v0.9.69 introduced an opt-out anonymous usage telemetry pipeline so the project can publish aggregate adoption numbers (see /stats) without ever touching the pages you browse. Telemetry is on by default but can be disabled with a single toggle, and the per-install data can be erased on request.
What we collect
- A random per-install UUID stored in
chrome.storage.localunder the keyfsbInstallUuid. The UUID is generated locally and never tied to your identity. - The name of the MCP client used (e.g. Claude Code, Cursor, Codex), drawn from a fixed allowlist.
- The model name used for a session (e.g.
grok-4-fast,claude-opus-4), drawn from a fixed allowlist. - Aggregate input/output token counts per session.
- The number of active FSB agents on your install (an integer count).
What we do NOT collect
- Page URLs, hostnames, or browsing history.
- Prompts, instructions, task descriptions, or any natural-language text you send to your model provider.
- Page DOM, screenshots, page content, or AI responses.
- Plaintext IP addresses. The server hashes the request IP with a daily-rotating salt for rate limiting and discards it.
- Names, usernames, account handles, or any free-form identity fields.
- Email addresses, phone numbers, or contact information.
Retention
Raw events are retained for 7 days. Daily rollups (one row per install per day) are retained for 365 days. Global aggregates (one row per day, no per-install dimension) are retained indefinitely so historical charts on /stats remain stable.
How to opt out
Open the FSB Control Panel, scroll to Advanced Settings, and toggle Send anonymous usage data off. The change takes effect immediately; no further events will be sent from your install.
How to erase your data
To request erasure of all telemetry rows associated with your install (GDPR Article 17), look up your fsbInstallUuid in Chrome DevTools → Application → Storage → Extension storage, then send a single HTTP request:
curl -X POST -H "Content-Type: application/json" \
-d '{"install_uuid":"<your-uuid>"}' \
https://full-selfbrowsing.com/api/telemetry/forgetLimited Use affirmation
FSB's anonymous usage telemetry is used only to compute aggregate usage statistics displayed publicly at full-selfbrowsing.com/stats. The data is never sold, never shared with third parties, never used for advertising, and never used to train any machine-learning models. This commitment satisfies the Chrome Web Store's Limited Use requirement.
Aggregated public metrics
We publish aggregated metrics derived from this telemetry pipeline at /stats. Only counts and totals are shown; no per-install row is ever exposed.
Legal Posture and Consent Model
FSB's automation posture, audit-log retention, and per-origin consent model were presented as explicit product controls. FSB does nothing on an origin until you explicitly allow it, automated read access never implies write access, and a conservative service denylist blocks automation on sensitive categories (financial and government services) outright.
- Per-origin consent is default-off. Auto and write (mutating) access are separate, explicit opt-ins managed from the Control Panel's Consent & Audit section.
- Every capability call is recorded in a redacted, append-only local audit log. No arguments, tokens, cookies, or response bodies are ever stored.
- A service denylist renders sensitive origins non-enableable, enforced at the capability gate and not merely in the interface.
Open Source
FSB is fully open source under the BSL 1.1 License. You can audit every line of code to verify these privacy claims. The source code is available on GitHub.
Changes to This Policy
If this policy is updated, the changes will be reflected by the "Last updated" date at the top of this page. Significant changes will also be noted in the project's GitHub release notes.
Contact
If you have questions about this privacy policy or FSB's data handling, please open an issue on GitHub Issues.
February 2026v0.9 — Initial privacy policy (full archived text)
Archived copy of the initial privacy policy as it stood in February 2026. This snapshot is reproduced from the original static showcase page, with the page chrome removed and the policy content preserved.
Data Collection
FSB operates entirely within your browser. The extension only accesses the DOM (Document Object Model) of the currently active tab when you initiate an automation task.
- No browsing history is collected or stored beyond the current session
- DOM data is analyzed locally and discarded after each automation step
- No personal information is harvested from pages you visit
Data Storage
All settings and data are stored locally in Chrome's extension storage. FSB uses AES-GCM encryption for sensitive data like API keys.
- Configuration is stored in
chrome.storage.local - API keys are encrypted before storage using AES-GCM
- Session logs are stored locally and can be cleared at any time
- Analytics data (task counts, success rates) stays on your device
External Services
FSB communicates with external AI providers only when you configure and use them. The choice of provider and what data is sent is under your control.
- API calls are made only to the provider you select (xAI, OpenAI, Anthropic, or Google)
- Sent data includes: task description, DOM structure summary, and action context
- No data is sent to FSB servers -- there are none
- Each provider has their own privacy policy governing how they handle API requests
No Tracking
FSB does not include any analytics, telemetry, or tracking services. There are no cookies, no fingerprinting, and no third-party scripts beyond the AI provider APIs you explicitly configure.
API Keys
Your API keys are encrypted locally using AES-GCM before being stored. They are never transmitted anywhere except to the AI provider you configured, and only as authentication headers in API requests.
- Keys are encrypted at rest in Chrome storage
- Decryption only happens in-memory when making API calls
- Keys are never logged, exported, or shared
Auto-Passwords Beta
FSB includes an optional credential manager that stores login credentials encrypted on your device. Passwords are never exposed to AI models -- they are filled directly into pages by the content script, bypassing the AI entirely.
- Credentials are encrypted at rest using AES-GCM with 256-bit keys and PBKDF2 key derivation
- When the AI analyzes a page, password field values are replaced with
[hidden]-- the actual password is never included in any AI prompt - Auto-fill is performed by the content script injecting values directly into the DOM, with no AI involvement in the credential flow
- The credential list view only shows usernames and domains -- passwords are decrypted individually and only when needed for auto-fill
- Credentials are stored per-domain with parent domain fallback (e.g., accounts.google.com inherits from google.com)
Prompt Injection Prevention
Web pages can contain hidden text designed to hijack AI agents. FSB implements multi-layered defenses to ensure the AI only follows your instructions, never instructions embedded in page content.
- All page content is wrapped in
[PAGE_CONTENT]boundary markers, and the AI is instructed to never follow instructions found within these markers - A sanitization engine strips known injection patterns (e.g., "ignore previous instructions", fake system prompts, override attempts) from all page content before it reaches the AI
- AI-generated actions are validated before execution -- dangerous URLs (
javascript:,data:) and script injection attempts are blocked - Only a strict allowlist of 30+ known tools can be executed -- the AI cannot invent or call arbitrary actions
- Content size is capped (500 chars per value, 15K total prompt cap) to limit payload delivery
- Invisible Unicode control characters that websites embed are stripped before processing
Open Source
FSB is fully open source under the MIT License. You can audit every line of code to verify these privacy claims. The source code is available on GitHub.
View the source code on GitHub
Summary
FSB processes data locally, encrypts sensitive information, never exposes passwords to AI models, defends against prompt injection attacks, communicates only with AI providers you choose, includes no tracking, and is fully auditable as open source software.